CVE-2026-50741

HIGH 8.8

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as `type`, or using the `ox.setChannelTargeting` XML-RPC API method.

CWE	CWE-94
Vendor	revive
Product	adserver
Published	Jun 26, 2026

Stay Ahead of the Next One

Get instant alerts for revive adserver

Be the first to know when new high vulnerabilities affecting revive adserver are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Versions

Revive / Adserver

0 ≤ 6.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

hackerone.com: https://hackerone.com/reports/3780854 hackerone.com: https://hackerone.com/reports/3781492

Credits

Rio Darmawan (riodrwn) Mikhail Ilin (doomtech)